Blog

http://legaltimes.typepad.com/blt/2011/04/doj-pitches-gps-surveillance-case-to-supreme-court.html

http://legaltimes.typepad.com/files/doj_gps_cert.pdf

On Friday, the Solicitor General filed a certiorari petition with the Supreme Court to resolve a circuit split on whether a warrant is required for GPS surveillance. The case, United States v. Jones, involves the government’s use of GPS tracking technology to monitor a person’s movements on public roads for an extended period of time.

As part of an investigation into the defendant’s supposed narcotics distribution, the FBI placed a GPS tracking device on defendant Jones’s Jeep, tracking its movements 24 hours a day for 4 weeks. The FBI’s prolonged tracking of Jones without a warrant raised serious 4th Amendment and privacy concerns. On appeal of his conviction in the D.C. Circuit, Jones argued that the Government’s use of a GPS device constituted a violation of his reasonable expectation of privacy and was a breach of his 4th Amendment right. The Government relied on United States v. Knotts for the position that the tracking of a suspect on public roads does not constitute a search. In Knotts a beeper was placed in a container containing chemicals used in the production of methamphetamine to track the suspect’s vehicle from the purchase location to his cabin. The Court of Appeals held that Knotts did not control as it did not address the issue of a prolonged, dragnet type surveillance. The Court reasoned that while the movement of the defendant in Knotts, from one location to another, was readily exposed to the public, the totality of Jones’s movements over the course of a month was not. The aggregation of Jones’s movements for an entire month reveals intimate details that a single trip would not and therefore there was a reasonable expectation of privacy in those movements.

The D.C. Circuit’s adoption of this “mosaic theory” of privacy puts it at odds with the Seventh, Eighth, and Ninth Circuits, all of which permit warrantless GPS surveillance. The Government maintains that the D.C. Circuit’s contrary holding will hamper the ability of law enforcement to collect evidence to establish probable cause at the onset of an investigation. It also makes a slippery slope argument, fearing that wider acceptance of the “mosaic theory” will jeopardize other longstanding investigatory techniques used to collect public information on criminal suspects.

The Jones case presents the Court with the opportunity to revisit its thirty-year-old holding in Knotts and squarely address whether the aggregation of otherwise public information through sophisticated technological means changes the nature of a suspect’s privacy expectations. It remains to be seen whether the Court will, in Jones or a future case, follow the lead of a number of states that have imposed a warrant requirement in these circumstances.

Article Link: http://www.latimes.com/business/la-fi-do-not-track-20110406,0,3461978,full.story
Link to Bill: http://dist27.casen.govoffice.com/index.asp?Type=B_BASIC&SEC={2C530FAF-6F85-4236-BB30-293D33F815E5}

Continuing the groundswell of support for Do-Not-Track across the nation, California State Senator Alan Lowenthal (D-Long Beach) introduced legislation that would force Internet companies doing business in California to allow consumers to opt out of online monitoring. If passed, California would be the first state to have a do-not-track law. Lowenthal is hoping that passage in democratically controlled California could act as a “stimulus to the rest of the nation.”

The proposed bill broadly applies to all connected devices, likely requiring software updates to many existing smart phones, computers, tablets, and Internet TVs. It empowers the state attorney general to issue regulation requiring that websites give users a simple method to block tracking. The bill allows individuals and the state attorney general to target violations with civil suits.
The bill is backed by a number of advocacy groups, including Consumer Watchdog, Privacy Rights Clearing House, Common Sense Media, and the California Consumer Federation. However, the Interactive Advertising Bureau, a digital marketing industry group, criticized that a strict reading of the legislation, SB761, would prevent websites from collecting innocuous information that could hurt the user experience. IAB also believes that the bill could be an unconstitutional restriction on interstate commerce.

Not long ago, denizens of the web were thrown into a frenzy by Chatroulette, an innovative website that randomly paired visitors with webcams for impromptu video chats.

Hot off the HackerNews presses, meet RandTXT – Chatroulette for text messages. RandTXT allows anyone with a cell phone to anonymously send a text message to a randomly selected person and receive an anonymous reply from that person.

The instructions are simple: “(1) Send a (random, funny) text message to (650) 681-0830; (2) you’ll immediately receive a random text message from another person; (3) reply to the random text you just got; (4); get a reply to the original random text you sent.” All chat exchanges are posted to a public website that displays the originating phone’s area code but nothing else.

As with Chatroulette, the content runs the gamut from extremely obscene to serious, with almost anything in the middle. My favorite exchange so far:

Original Message: Is a hippopotamus a hippopotamus or just a really cool opotamus?
Reply Message: The latter

At first blush, this probably seems like a very minor addition to the technological landscape. After all, Twitter basically allows users to do the same thing – send short text messages. Yet there is something deep at the heart of RandTXT that is missing in Twitter – intimacy. Up until now, SMS has retained its status as a uniquely personal mode of communication. Unlike a tweet, which is broadcast to the world (or a limited number of followers), an SMS message is plain text’s version of the phone call. As a result, it brings with it a different set of contextually-rooted principles of information flow.

To give an example, one might well tweet one’s breakfast (particularly a delicious one), but one would probably not send an SMS to one’s friend solely to report this fact. While Twitter has become a forum for open contemplation and whimsical revelation, SMS is, or at least has been, a tool for more formal and personal communication. The social importance of SMS is evident in the sheer number of SMS-oriented applications that have proliferated on the iOS and Android mobile operating systems. Fast Society, Beluga, Disco, GroupMe – the list could go on. These applications offer very little that email does not. Yet they are extremely popular. For some reason, the SMS message holds a degree of appeal that other forms of communication can’t match.

If you buy my assertion that SMS is a more intimate protocol, then RandTXT becomes a lot more exciting. This is because RandTXT brazenly pulls SMS inside-out. The resulting cognitive dissonance – of using a private non-anonymous protocol (SMS) in a decidedly public and anonymous way – is thrilling.

OK – so it’s thrilling. Lots of online experiences are. But why should we care about this one? The thrill of services such as RandTXT and Chatroulette draws people into a mode of interaction they can’t find elsewhere. As a result, these services have enormous expressive potential. This is not to say that such open-ended services don’t have problems. As Jonathan Zittrain has famously pointed out, generativity can be a risky proposition. Plenty of objectionable content has surfaced on services such as RandTXT and will continue to do so. Yet insofar as Chatroulette and RandTXT users enjoy a social surplus from the new experience, and this surplus outweighs the loss caused by objectionable content, these services are worth supporting.

Which brings me to what I suppose is the point of this post – specifically (a) that opportunities for anonymity and pseudonymity on the web are shrinking, and (b) that this isn’t a good thing. While false identity allows those with impure motives to wreak havoc, it also empowers new (and old) methods of communication and human interaction. These methods of communication and interaction can advance not only our constantly-evolving discourse but also our understanding of ourselves. To the extent that privacy law exists to protect our right of expression, it should take care to make sure that the increasingly “identifying” Internet preserves a place for the delightfully obscured.

Available at: http://online.wsj.com/article_email/SB10001424052748703467304575383522318244234-lMyQjAxMTAxMDAwMzEwNDMyWj.html; Stalkers Exploit Cellphone GPS – Mobile Location Tracking – WSJ.com

In August of 2010, the Wall Street Journal reported that global-positioning-system (GPS) technology offered by cellular carriers is being used by stalkers. Although the technology is intended to rescue lost drivers, locate kidnap victims and enable other noble endeavors, it has had the unintended consequence of allowing stalkers to more easily track their victims. According to the article, cellular GPS technology has become the easiest, and possibly the most common, way for stalkers to locate their targets.

Certain carriers, such as AT&T, offered deals to consumers allowing them to “sign up” for these tracking services. However, although the carrier alerts phone users when tracking functions are activated, such users do not have the right to refuse to be tracked by the account holder. Their only option to avoid detection is to turn off their phone.

Carriers will also agree to deactivate GPS tracking functions if requested to do so by law enforcement officials. As of August 2010, no carriers had been asked to alter their GPS programs.

According to the article, the ease of access to GPS tracking capabilities is, in part, an unintended consequence of federal regulations that require the installation of GPS chips into cellular phones. The intent of these regulations was to allow easier access to emergency services, and the regulations have been largely successful in this area.

Unfortunately, GPS capabilities have also had negative consequences, as tech companies have found other uses for tracking data. For instance, software manufacturers have developed software that can be surreptitiously loaded on someone else’s cellular phone and used to track that person’s movements through the already-existing GPS technology. This allows any third party (i.e. someone other than the cellular carrier) to track someone else’s location. This unintended usage has proven especially problematic for victims of domestic violence, and has even driven certain domestic violence shelters to dismantle the phones of the victims who they house. These systems have also been abused by law enforcement officers who have reportedly used location data for personal reasons. They are able to do so because federal law allows carriers to turn such data over in emergencies without subpoenas, but carriers are unable to verify whether an emergency situation truly exists.

Available at:
http://www.cnn.com/2011/TECH/mobile/03/31/google.face/index.html; Google making app that would identify people’s faces – CNN.com

Google has announced that it is working on a mobile application that would allow users to take pictures of people’s faces in order to access their personal information. The product would include a user’s name, phone number, and e-mail address, but Google has not indicated what other personal data might be available. Indications are that the system could be programmed to obtain publicly available pictures from third-party websites, such as Facebook.

Privacy advocates have expressed concern with this ability, especially in the wake of Google’s recent privacy “missteps.” For example, Google recently settled over grievances relating to its social networking service, Buzz. Google is also in the midst of inquiries by numerous government agencies concerning its Street View program.

Perhaps in response to privacy concerns, Google plans to use an “opt-in” model, whereby people would have to agree to give Google permission to access their personal information via facial recognition. Although this would limit the application’s utility, Google foresees many circumstances in which people would agree to be found.

Surely most of you have seen Google’s “new” feature, Gmail Motion. If not, check out the video below:

Gmail Motion

The April Fools’ posting has become a bit of a tradition at Google. My personal favorite is Google Gulp. There’s a lot of fun to be had here for sure. But there’s also a lesson to be learned – or at least something serious to think about.

The Google pranks work because, like it or not, they are presented in the same “trust us, it’s OK” fashion as the rest of Google’s services. Like it or not, we have become accustomed to filling in forms, following links, and generally passively interacting with services we use online. When Google says “click here to find out about this amazing new service,” we probably do so. And when Google shows us a video about this new service, we expect to be (and are perhaps conditioned to think) that everything the video demonstrates is as great as it purports it to be.

Google, of course, capitalizes on this in building the visual elements of the prank. For example, the link to the prank is subtly included at the top right of the Gmail webmail client and below the Google homepage search field. These locations are precisely where Google draws us into legitimate new products. So we click.

The prank deepens with the landing page, the video on which is linked to above. The page is decked out just like any other Google product page. The usual language, font set, graphical flare – it’s all there. It draws us in in such a way that it might take a few minutes before we actually think critically about the substance. And, depending on how strong this effect is, we might be half through a tweet or Facebook posting about the service before we realize we’ve been duped. Not because we’re stupid. But because we’re operating on some sort of aesthetically-driven autopilot.

The point is that trusted parties such as Google have enormous ability to leverage the trust of users. In this case, the harm is minimal. A little embarrassment, if anything. This won’t always be the case. Google (and other major providers such as Facebook) are adept at using visual architecture, friendly tone, and other “trust cues.” Where the end result is a short video that informs you of the prank, there’s not much to worry about. But where the end result is unwitting participation in a terrible service such as Buzz, the ante is significantly upped.

The solution isn’t, of course, that we shouldn’t trust anything online. Services such as Gmail exist because we all trust Google with our content. Such trust, unmitigated, is problematic. But such trust, properly limited, is necessary to ensure the societal surplus that results when we can all use a valuable service such as Gmail. Rather, the problem is the risk of passive use and acculturation – the problem of “clicking here” or filling out a form by rote and without proper consideration.

I don’t have a solution for this problem in mind. For the moment, I’d just suggest that while we laugh at Google’s gag, we take a moment to think about why it’s so effective – and how the engine of that efficacy drives more serious and problematic privacy issues online.

Google Book Search allows anyone to search a massive library of books that Google has scanned. A few years ago, the Authors Guild sued Google to stop the project and various settlement agreements have subsequently been proposed. Judge Denny Chin recently rejected the latest settlement agreement.^[1] Though he suggested that the opt-out provision, allowing Google to scan any work unless the right holder opts out, was the main reason for rejecting the settlement, Chin also stated that “the privacy concerns are real.”

Chin noted the concern that the settlement agreement does not limit what reader information Google can track, potentially allowing Google to create detailed profiles of its readers. Chin also noted issues as to whether and to what extent Google could share such information with others. Finally, though not in the opinion, some have voiced concern over transparency with what the privacy policies will be and how much control users will have over their privacy settings.^[2]

Despite the privacy concerns, Chin apparently does not believe “they are a basis in themselves to reject the proposed settlement.” In coming to this conclusion, Chin notes Google has obliged itself to follow voluntary safeguards. But while Google has previously offered assurances that the “principles” of its normal privacy policy would apply to Book Search, it has declined to offer specific details. Google has also suggested it cannot develop an adequate privacy policy until it finishes developing Book Search, though few would argue Book Search is currently so undeveloped that it does not require any consideration of privacy.

While privacy issues may not be the deciding factor in the Google Book Search settlement, and Google has certainly sought to downplay them, they will undoubtedly become an important issue once the legal issues are resolved and the practical problems with the project must be dealt with.

1 See http://thepublicindex.org/docs/amended_settlement/opinion.pdf.
2 See http://www.aclunc.org/issues/technology/google_don’t_close_the_book_on_reader_privacy.shtml

The Chinese Government has announced plans to track 1.7 million cellphone users in Beijing through location technology, in order to help city authorities better manage traffic (see http://www.bjjtgl.gov.cn/publish/portal1/tab165/info23222.htm). However, this raises concerns that the government may abuse this technology for surveillance purposes, infringing a variety of human rights.

China maintains a tight grip on the flow of information within and out of the country. It has already blocked sites like Youtube and Twitter, driven Google China out of the mainland and into Hong Kong, and even required telecommunications operators and internet service providers to cooperate with the State in locating leaks of state secrets:

http://www.nytimes.com/2009/07/07/world/asia/07beijing.html

http://au.ibtimes.com/articles/21189/20100428/china-telco-isps-communication-information-control-censorship-google-yahoo-facebook-twitter-internet.htm

With the Chinese government now engaging in such highly comprehensive cellphone tracking, a number of human rights concerns arises, including the possibility of political dissenters being monitored and tracked as the government clamps down on its critics. Apart from its judicial branches of government, Chinese citizens can also make claims, “petitions”, to the highest level of government seated in Beijing. Through its many tactics of getting rid of petitioners, the most heinous is tracking down these individuals, arresting them for social disturbance or throwing them in mental institutions (see http://www.unhcr.org/refworld/docid/4c05091b19.html). Cellphone tracking, although politically neutral on its face, can at best chill free speech and peaceful protests (i.e. Jasmine Rallies), at worst, allow government officials and police to have easier access to dissidents.

Of course, it could be argued that, on a daily basis, individual privacy is hardly interfered with if cellphone tracking is used for its asserted purpose – after all, each person would merely be one of 1.7 million other “trackees” in one of the most densely populated cities in the world. Furthermore, it has been well documented that Beijing has one of the world’s biggest problems with traffic (http://www.bbc.co.uk/news/world-asia-pacific-11062708). Last August, there was a nine-day traffic jam that stretched 100km just outside of Beijing. However, it is questionable what tracking cellphones can really do to aid traffic flow. The main problem is the amount of cars on the road — better solutions should target a reduction of cars, rather than simply band-aid solutions to track individuals.

Further, if tracking were really implemented concerns do arise where “targeted” rather than simply “general” cellphone tracking takes place — a capacity that both the Chinese and all other governments possess, and is highly susceptible to abuse.

For more information:

http://voices.washingtonpost.com/posttech/2011/03/china_said_it_may_begin.html